Re: [otrs] Stats-Module and problems with @Params

Wed, 26 Aug 2009 00:42:00 -0700 

Hi Renee,

short question, is that right (u.login = ?...):

    $Self->{DBObject}->Prepare(SQL => "SELECT ta.create_by,
                                        ta.time_unit,
                                        ta.ticket_id,
                                        t.customer_id,
                                        u.login,
                                        t.title
                                        FROM ticket t, time_accounting ta, 
users u
                                        WHERE t.id = ta.ticket_id
                                                AND (ta.change_by = u.id
                                                        AND (
                                                                month( 
ta.change_time ) = $Month
                                                                AND year( 
ta.change_time ) = $Year
                                                        )
                                                        AND (
                                                                t.queue_id IN ( 
5, 6, 8, 9, 10, 11, 12 )
                                                        )
                                                        AND (
                                                                u.login = ?
                                                        )
                                        )",
                                Bind => [ \$User ],
    );

Regards
Günther
-------- Original-Nachricht --------
> Datum: Wed, 26 Aug 2009 08:31:44 +0200
> Von: "Renee Bäcker" <mailinglis...@renee-baecker.de>
> An: "User questions and discussions about OTRS." <otrs@otrs.org>
> Betreff: Re: [otrs] Stats-Module and problems with @Params

> Petrucci schrieb:
> > Hi,
> >     push (@Params, {
> >             Frontend => 'User',
> >             Name => 'User',
> >             Multiple => 0,
> >             Size => 0,
> >             Data => {
> >                 %UserList,
> >             },
> > 
> > and in sub Run():
> > 
> > my $User = $Param{UserList};
> > 
> > 
> > but it fails, cause $User is empty, why?:
> 
> Because you said, that the selectbox has the name "User" and not
> "UserList". You said it with "Name => 'User'"
> 
> BTW: You should not use the Variable in the SQL statement. Use the Bind
> mechanism instead as this will improve security (any special characters
> are quoted automatically).
> 
> Instead of
> 
> $Self->{DBObject}->Prepare(
>   SQL => " ... UserLogin = $User"
> );
> 
> do this:
> 
> 
> $Self->{DBObject}->Prepare(
>   SQL => " ... UserLogin = ?",
>   Bind => [ \$User ],
> );
> 
> 
> Cheers,
> Renée
> 
> -- 
> 
> Perl-Magazin: http://perl-magazin.de
> Perl-Nachrichten: http://perl-nachrichten.de
> ---------------------------------------------------------------------
> OTRS mailing list: otrs - Webpage: http://otrs.org/
> Archive: http://lists.otrs.org/pipermail/otrs
> To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs
> 
> NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
> http://www.otrs.com/en/support/enterprise-subscription/

-- 
Jetzt kostenlos herunterladen: Internet Explorer 8 und Mozilla Firefox 3 -
sicherer, schneller und einfacher! http://portal.gmx.net/de/go/chbrowser
---------------------------------------------------------------------
OTRS mailing list: otrs - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/otrs
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

NEW! ENTERPRISE SUBSCRIPTION - Get more information NOW!
http://www.otrs.com/en/support/enterprise-subscription/

Reply via email to